Hi Christian,

Take a look at the kernel configuration: some of the listed modules (like "Connection Tracking Match", "Multi-port Match", "Mark", ...) are compiled into the kernel and others are just available, like ipp2p. I'm not sure how shorewall does the exact scan of possibilities.

It is very well possible that a few of the items listed are indeed not available, but those are maybe highly experimental, are not available for kernel 2.4.x, or need heavy patching of both the kernel and iptables. Are there any specific items you are missing functionality-wise?

Eric

> David,
>
> that's what I'm talking about. IMHO there must be all compiled/patched
> modules for a full support of all features we can get from shorewall,
> making this distro even more complete.
>
>> ----- Original Message -----
>> From: David HUSSER
>> To: Christian Villa Real Lopes
>> Sent: Monday, December 04, 2006 18:52
>> Subject: Re: [leaf-user] netfilter additional modules and shorewall
>>
>> Hi Christian,
>>
>> Here, for me, are the possibilities that shorewall has on the last leaf:
>>
>> Darkvabox# shorewall show capabilities
>> Shorewall has detected the following iptables/netfilter capabilities:
>>    NAT: Available
>>    Packet Mangling: Available
>>    Multi-port Match: Available
>>    Extended Multi-port Match: Not available
>>    Connection Tracking Match: Not available
>>    Packet Type Match: Available
>>    Policy Match: Not available
>>    Physdev Match: Available
>>    Packet length Match: Available
>>    IP range Match: Not available
>>    Recent Match: Available
>>    Owner Match: Available
>>    Ipset Match: Not available
>>    CONNMARK Target: Available
>>    Extended CONNMARK Target: Available
>>    Connmark Match: Available
>>    Extended Connmark Match: Available
>>    Raw Table: Not available
>>    IPP2P Match: Not available
>>    CLASSIFY Target: Available
>>    Extended REJECT: Available
>>    Repeat match: Not available
>>    MARK Target: Available
>>    Extended MARK Target: Not available
>>    Mangle FORWARD Chain: Available
>>
>> I also attach the modules (all netfilter modules) which were compiled
>> (present in the CVS of the leaf if I am not mistaken…):
>>
>> Darkvabox# ll /lib/modules/net/ipv4/netfilter/
>> drwxr-xr-x 2 root root   900 Nov 25 22:50 .
>> drwxr-xr-x 4 root root   120 Nov 25 22:50 ..
>> -rw-r--r-- 1 root root 32174 Nov 13 16:47 ip_conntrack.o
>> -rw-r--r-- 1 root root  2904 Nov 13 16:47 ip_conntrack_amanda.o
>> -rw-r--r-- 1 root root  5168 Nov 13 16:47 ip_conntrack_ftp.o
>> -rw-r--r-- 1 root root  4188 Nov 13 16:47 ip_conntrack_h323.o
>> -rw-r--r-- 1 root root  4480 Nov 13 16:47 ip_conntrack_irc.o
>> -rw-r--r-- 1 root root  4444 Nov 13 16:47 ip_conntrack_mms.o
>> -rw-r--r-- 1 root root  5104 Nov 13 16:47 ip_conntrack_pptp.o
>> -rw-r--r-- 1 root root  4656 Nov 13 16:47 ip_conntrack_proto_gre.o
>> -rw-r--r-- 1 root root  2904 Nov 13 16:47 ip_conntrack_quake3.o
>> -rw-r--r-- 1 root root  4932 Nov 13 16:47 ip_conntrack_talk.o
>> -rw-r--r-- 1 root root  2552 Nov 13 16:47 ip_conntrack_tftp.o
>> -rw-r--r-- 1 root root  2236 Nov 13 16:47 ip_nat_amanda.o
>> -rw-r--r-- 1 root root  3552 Nov 13 16:47 ip_nat_ftp.o
>> -rw-r--r-- 1 root root  4244 Nov 13 16:47 ip_nat_h323.o
>> -rw-r--r-- 1 root root  3072 Nov 13 16:47 ip_nat_irc.o
>> -rw-r--r-- 1 root root  3972 Nov 13 16:47 ip_nat_mms.o
>> -rw-r--r-- 1 root root  4104 Nov 13 16:47 ip_nat_pptp.o
>> -rw-r--r-- 1 root root  2468 Nov 13 16:47 ip_nat_proto_gre.o
>> -rw-r--r-- 1 root root  2992 Nov 13 16:47 ip_nat_quake3.o
>> -rw-r--r-- 1 root root 10868 Nov 13 16:47 ip_nat_snmp_basic.o
>> -rw-r--r-- 1 root root  4260 Nov 13 16:47 ip_nat_talk.o
>> -rw-r--r-- 1 root root  2712 Nov 13 16:47 ip_nat_tftp.o
>> -rw-r--r-- 1 root root  9440 Nov 13 16:47 ip_queue.o
>> -rw-r--r-- 1 root root  2120 Nov 13 16:47 ipt_CLASSIFY.o
>> -rw-r--r-- 1 root root  2184 Nov 13 16:47 ipt_CONNMARK.o
>> -rw-r--r-- 1 root root  3200 Nov 13 16:47 ipt_MASQUERADE.o
>> -rw-r--r-- 1 root root  2528 Nov 13 16:47 ipt_MIRROR.o
>> -rw-r--r-- 1 root root  1736 Nov 13 16:47 ipt_REDIRECT.o
>> -rw-r--r-- 1 root root  3416 Nov 13 16:47 ipt_TARPIT.o
>> -rw-r--r-- 1 root root  1512 Nov 13 16:47 ipt_ah.o
>> -rw-r--r-- 1 root root  2876 Nov 13 16:47 ipt_condition.o
>> -rw-r--r-- 1 root root  1628 Nov 13 16:47 ipt_connmark.o
>> -rw-r--r-- 1 root root  1880 Nov 13 16:47 ipt_conntrack.o
>> -rw-r--r-- 1 root root  1516 Nov 13 16:47 ipt_esp.o
>> -rw-r--r-- 1 root root  1684 Nov 13 16:47 ipt_helper.o
>> -rw-r--r-- 1 root root  2400 Nov 13 16:47 ipt_owner.o
>> -rw-r--r-- 1 root root  1868 Nov 13 16:47 ipt_physdev.o
>> -rw-r--r-- 1 root root  1672 Nov 13 16:47 ipt_quota.o
>> -rw-r--r-- 1 root root 11620 Nov 13 16:47 ipt_recent.o
>> -rw-r--r-- 1 root root  1424 Nov 13 16:47 ipt_state.o
>> -rw-r--r-- 1 root root  1876 Nov 13 16:47 ipt_stealth.o
>> -rw-r--r-- 1 root root  1780 Nov 13 16:47 ipt_ttl.o
>> -rw-r--r-- 1 root root 24555 Nov 13 16:47 iptable_nat.o
>>
>> Rgds,
>> David
>>
>> On 12/4/06, Christian Villa Real Lopes <[EMAIL PROTECTED]> wrote:
>>
>>> Hi everyone,
>>>
>>> I'm still testing the new 3.0beta2 and was wondering if it is
>>> possible to include all netfilter modules that shorewall supports. To
>>> make myself clear, below is the output from that shows some of shorewall
>>> supported features can't be used on leaf-bering because the support
>>> was not compiled in.
>>>
>>> firewall# shorewall show capabilities
>>> Shorewall has detected the following iptables/netfilter capabilities:
>>>   NAT: Available
>>>   Packet Mangling: Available
>>>   Multi-port Match: Available
>>> + Extended Multi-port Match: Not available
>>> + Connection Tracking Match: Not available
>>>   Packet Type Match: Available
>>> + Policy Match: Not available
>>>   Physdev Match: Available
>>> + IP range Match: Not available
>>>   Recent Match: Available
>>>   Owner Match: Available
>>> + Ipset Match: Not available
>>>   CONNMARK Target: Available
>>>   Connmark Match: Available
>>> + Raw Table: Not available
>>> + CLASSIFY Target: Not available
>>> + FORWARD Mangle Chain: Not available
>>> firewall#

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
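
The check Eric suggests (reading the kernel configuration to see which netfilter features are built in, built as modules, or switched off) can be scripted as below. This is an added example, not part of the original thread and not Shorewall or LEAF code. The sample config is constructed, and the mapping from `CONFIG_IP_NF_MATCH_FOO` to `ipt_foo.o` is an assumption based on 2.4-era module naming.

```shell
#!/bin/sh
# Added example: classify netfilter options in a kernel .config as
# builtin (=y), module (=m) or off ("is not set").

# Constructed sample config, NOT taken from the LEAF tree.
sample_config() {
cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_CONNTRACK=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_RECENT=m
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_NAT=m
EOF
}

# Read a .config on stdin; print "STATE OPTION" for each netfilter option.
classify_netfilter() {
  awk '
    /^CONFIG_(NETFILTER|IP_NF_)[A-Z0-9_]*=y$/ { sub(/=y$/, ""); print "builtin", $0; next }
    /^CONFIG_(NETFILTER|IP_NF_)[A-Z0-9_]*=m$/ { sub(/=m$/, ""); print "module", $0; next }
    /^# CONFIG_(NETFILTER|IP_NF_)[A-Z0-9_]* is not set$/ { print "off", $2 }
  '
}

# options_in_state STATE: option names in that state (.config on stdin).
options_in_state() {
  classify_netfilter | awk -v s="$1" '$1 == s { print $2 }'
}

# missing_match_modules LISTING: for match options built as modules, print
# the module files absent from LISTING (one file name per line).
# Assumption: 2.4 naming, CONFIG_IP_NF_MATCH_FOO -> ipt_foo.o.
missing_match_modules() {
  listing=$1
  options_in_state module | sed -n 's/^CONFIG_IP_NF_MATCH_//p' |
  while read -r name; do
    file="ipt_$(printf '%s' "$name" | tr 'A-Z' 'a-z').o"
    printf '%s\n' "$listing" | grep -qxF "$file" || echo "$file"
  done
}

sample_config | classify_netfilter
```

Options reported as `off` need a kernel rebuild, while options reported as `module` only work if the corresponding `.o` file is actually shipped in the module directory.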
